[Secure-testing-commits] r56196 - in data: . CVE

Emilio Pozuelo Monfort pochu at moszumanska.debian.org
Wed Sep 27 17:15:47 UTC 2017 

Author: pochu
Date: 2017-09-27 17:15:47 +0000 (Wed, 27 Sep 2017)
New Revision: 56196

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
libarchive no-dsa in wheezy

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-27 17:07:39 UTC (rev 56195)
+++ data/CVE/list	2017-09-27 17:15:47 UTC (rev 56196)
@@ -696,17 +696,20 @@
 	- libarchive <unfixed> (bug #875960)
 	[stretch] - libarchive <no-dsa> (Minor issue)
 	[jessie] - libarchive <no-dsa> (Minor issue)
+	[wheezy] - libarchive <no-dsa> (Minor issue)
 	NOTE: https://github.com/libarchive/libarchive/issues/948
 CVE-2017-14502 (read_header in archive_read_support_format_rar.c in libarchive 3.3.2 ...)
 	- libarchive <unfixed> (bug #875974)
 	[stretch] - libarchive <no-dsa> (Minor issue)
 	[jessie] - libarchive <no-dsa> (Minor issue)
+	[wheezy] - libarchive <no-dsa> (Minor issue)
 	NOTE: https://github.com/libarchive/libarchive/commit/5562545b5562f6d12a4ef991fae158bf4ccf92b6
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=573
 CVE-2017-14501 (An out-of-bounds read flaw exists in parse_file_info in ...)
 	- libarchive <unfixed> (bug #875966)
 	[stretch] - libarchive <no-dsa> (Minor issue)
 	[jessie] - libarchive <no-dsa> (Minor issue)
+	[wheezy] - libarchive <no-dsa> (Minor issue)
 	NOTE: https://github.com/libarchive/libarchive/issues/949
 CVE-2017-14500 (Improper Neutralization of Special Elements used in an OS Command in ...)
 	{DSA-3977-1 DLA-1104-1}

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2017-09-27 17:07:39 UTC (rev 56195)
+++ data/dla-needed.txt	2017-09-27 17:15:47 UTC (rev 56196)
@@ -49,8 +49,6 @@
   NOTE: Couldn't reproduce CVE-2017-{69-72}. Wait for next upstream release 3.100 ?
   NOTE: https://lists.debian.org/debian-lts/2017/09/msg00082.html 
 --
-libarchive
---
 libav
   NOTE: Diego Biurrun (from the libav team) is working on patches.
   NOTE: undetermined issues are currently being triaged (Diego Biurrun and Hugo Lefeuvre

More information about the Secure-testing-commits mailing list